These are my thoughts, not news. This seemed like the right forum to put them in, so sorry if it's not.

It seems to me that our ability to gather information on computers is outpacing our ability to conceal it, and could lead to a "cameras everywhere" environment where everyone knows what everyone else is doing. I think this because of the growing number of people who are computer-literate, and sites like this one that help people figure out the basics of hacking, combined with the low security standards of most of the internet.

Now, if there's no privacy to start with, then there can't be encryption, because anyone looking at an encrypted file could just find a copy of the pre-encrypted message, so cryptography would be useless.

Miryafa wrote:These are my thoughts, not news. This seemed like the right forum to put them in, so sorry if it's not.

It seems to me that our ability to gather information on computers is outpacing our ability to conceal it, and could lead to a "cameras everywhere" environment where everyone knows what everyone else is doing. I think this because of the growing number of people who are computer-literate, and sites like this one that help people figure out the basics of hacking, combined with the low security standards of most of the internet.

Now, if there's no privacy to start with, then there can't be encryption, because anyone looking at an encrypted file could just find a copy of the pre-encrypted message, so cryptography would be useless.

Does this seem plausible to anyone else?

No no no no no NO non!

Encryption won't be obsolete for any part of the next century. It was used for ages as a means of defending information, and that's how it's going to stay. If the government gets the ability to monitor us 24/7, either we'll be too dumb-struck to notice, or there will be a massive revolt against it. But seriously, consider this; several cities around the world already have mass free WiFi available to everyone. Lets say our Joe Shmo wants to make a secure bank transaction but doesn't have his own private network. No problem! Encrypt everything.

Especially with new algorithms such as zero knowledge and private outsourcing computation constantly being developed, encryption is far from a dead language. We will continue to use encryption until the day that we feel we have nothing to hide from our neighbors.

Encryption won't be obsolete for any part of the next century. It was used for ages as a means of defending information, and that's how it's going to stay. If the government gets the ability to monitor us 24/7, either we'll be too dumb-struck to notice, or there will be a massive revolt against it. But seriously, consider this; several cities around the world already have mass free WiFi available to everyone. Lets say our Joe Shmo wants to make a secure bank transaction but doesn't have his own private network. No problem! Encrypt everything.

Especially with new algorithms such as zero knowledge and private outsourcing computation constantly being developed, encryption is far from a dead language. We will continue to use encryption until the day that we feel we have nothing to hide from our neighbors.

Wow! I'm glad at least one person feels strongly about this. Now my only question is: why is this topic still at the top of the board with only 1 reply? (jk)

I know next to nothing about hacking. Is it really possible to securely encrypt information, resistant to all attacks, on wifi? I would guess that the widespread use of wifi already answers this question, yet I'm not sure. Are there attacks that are used so rarely that current security conventions are still insecure?

And more importantly to the main topic: is cryptography really advancing faster than cryptanalysis?

Miryafa wrote:I know next to nothing about hacking. Is it really possible to securely encrypt information, resistant to all attacks, on wifi?

I don't believe anything is truly secure and nothing ever will be truly secure. There will always be a way to get around some measure of security you just have to find it. But to answer your first question. No! encryption will never be obsolete there is always someone trying to hide something.

Miryafa wrote:Is it really possible to securely encrypt information, resistant to all attacks, on wifi?

Not exactly. See, as long as someone can continually listen in onto your conversation with a website or another computer, they will always have to ability to crack any encryption you use. The trick is to use secure encryption which doesn't have any significant vulnerabilities (i.e. don't use encryptions that send the key in plain text in the first packet, ready for everyone who is tuned in to read), and has a key space that is too large for the attacker to crack in time (i.e. use an encryption method that would take days to crack with brute force rather than one that takes a couple of hours)

Miryafa wrote:Are there attacks that are used so rarely that current security conventions are still insecure?

Yup, zero-days. The gold mines of computer security.

Miryafa wrote:And more importantly to the main topic: is cryptography really advancing faster than cryptanalysis?

Dunno, but what i do know is that scientific and mathematical advancements occur on an exponential scale, and because cryptanalysis came after cryptography, cryptography will always have a slight advantage in the race to explore it all.

No, not with peoples ability to create their own custom FUD's and other types of encryption software.

Viruses are encrypted after being made, but once released and discovered and the FUD of that virus is exposed, AV software knows what to look for; that is one of the ways your AV finds viruses. This is also why Viruses don't really even become "obsolete" they are only stopped from using that FUD. All the virus owner has to do is simply encrypt his virus again with a new custom FUD and release it again.

In comparison, I guess you could say it is like your wifi encryption in a way. Say you notice someone on your network that is unauthorized and he gained access via cracking your wep, wpa, or whatever encryption you had. He then loses access to your network, but he could crack your password again and gain access yet again. The only way you could prevent him from getting on your network (assuming he has an amazing dictionary with every password known to mankind) is to get rid of him. Same goes for the encryption; the only way to stop your files (encrypted files = hackers dictionary) from being pointless of encryption is if the government (government = Network Owner) removed all access to encryption software (encryption software = Network key) completely; which will never happen.

Same thing applies here, if you encrypt a file or anything for that matter with your own custom algorithm that only you know, the chances of your encryption to become irrelevant is nearly impossible; unless we came out with a drastically crazy security suite that could easily detect algorithms, which I do not see happening.

The only way it would become obsolete is if everyone was being key-logged on a day to day basis by the "fake" cyber police.

1. No system is safe.2. Aim for the the impossible.3. Have fun in cyberspace and meatspace.

Miryafa wrote:I know next to nothing about hacking. Is it really possible to securely encrypt information, resistant to all attacks, on wifi? I would guess that the widespread use of wifi already answers this question, yet I'm not sure. Are there attacks that are used so rarely that current security conventions are still insecure?

When you're loggin in to websites (like gmail or something like that) in public wifi always use https://. It's just that part that decreases the risk, because when someone is doing a MitM attack they will not just see your passwords in plain text instead they will see it encrypted.

cilpolir wrote:When you're loggin in to websites (like gmail or something like that) in public wifi always use https://. It's just that part that decreases the risk, because when someone is doing a MitM attack they will not just see your passwords in plain text instead they will see it encrypted.

Neat strategy! I'll remember that.

As for MitM attacks, am I right in thinking that if a MitM attack is successful, everything goes to pot (secret keys are lost, then authentication and passwords, etc)?

Now MiTM can range from doing nothing, to simply monitoring the traffic, to more advanced techniques that include but are not limited to session stealing, harvesting SSL logins (in plain text), and force redirecting traffic. (Example; forced redirect the request to a different site. As in the victim trying to go to google and instead connects to a site of your choice; or changing all the pictures the victim loads to something of your choice.

However, just because a MiTM attack might be happening that does not mean that the hacker knows how to effectively utilize the attack to it's full potential. Ensuring HTTPS is active for your logins is still highly recommended.

"The quieter you become, the more you are able to hear...""Drink all the booze, hack all the things."